Åsa Borin: “The Board already shoulders security responsibilities”

By the time this editorial is published, the University Board will have recently met and held its most important meeting of the year. Among other things, the Board has taken note of our internal auditors’ annual report, as well as the university’s report on internal governance and control. The purpose of both of these items is to provide the Board with a basis, when it signs the annual report, for certifying that the University’s internal governance and control has been satisfactory during the period to which the annual report relates.

As a public authority, Stockholm University is covered by the Internal Audit Ordinance and thus also has an obligation to comply with Sweden’s Internal Governance and Control Regulation. This means that the University must have in place a systematic process for internal governance and control that will ensure that the authority fulfils its tasks with reasonable security, achieves the objectives of its activities, and meets the requirements of the Government Agencies Ordinance. According to this ordinance, a risk analysis of the authority must also be conducted, measures must be taken to address identified risks, and these actions must be followed up. The process must be documented to the extent necessary for the authority’s follow-up and for assessing whether its internal governance and control are satisfactory. The regulation also states that there must be a good internal work environment within the authority that creates the conditions for a well-functioning process and systematic work to prevent corruption, undue influence, fraud, and other irregularities.

The Government Agencies Ordinance requires that the University’s activities be conducted efficiently, in accordance with applicable law, and pursuant to the obligations arising from Sweden’s membership in the European Union. All such compliance must also be reported in a reliable and fair manner. In addition, it is required that the authority manages the funds it receives from the State responsibly.

The Higher Education Ordinance states that it is the University Board that must ensure the existence of a satisfactorily effective process for internal governance and control at the University.

Why, then, am I writing about this process? In short, I am doing so because at the same meeting, the Board also had on its agenda the ministry memorandum “Increased Competence about Security Issues at Universities and Colleges” (U2024/00153). The memorandum has been distributed to Sweden’s higher education institutions and contains, among other things, proposals that competence regarding security issues should be taken into account when nominating the board members appointed by the Swedish Government, as well as that the Board’s responsibility regarding operational security should be clarified. The University has already expressed its opinion on these parts of the memorandum, as comments on these proposals were to be received by the Government Offices (Ministry of Education and Research) no later than 14 February.

Security issues are important and have become increasingly relevant in the context of our changing world. As a higher education institution, we have a great responsibility to address the security challenges we face. We must work systematically to deal with security issues, and all employees need to be mindful about such matters. Among other things, this means that all employees of Stockholm University must undergo mandatory courses in information security. If the idea is that the Board’s responsibility for security issues should be a matter of principle, this is already covered within the scope of our current mandate, in that the Board is responsible for our internal governance and control process. On the other hand, the inclusion in the Higher Education Ordinance of detailed regulation of the Board’s mandate regarding current societal challenges is the wrong way to go about handling them.

This text is written by Åsa Borin, University Director. It appears in the section ”Words from the University’s senior management team”, where the management team take turns to write about topical issues. The section appears in every edition of News for staff.

Published 16 February 2024.